/** * AuthMiddleware - Authentication and authorization middleware * * Provides middleware factories for: * - Token extraction and validation * - User context propagation * - RBAC enforcement * - Public route handling */ import type { AuthMiddlewareConfig, AuthMiddlewareHandler, AuthRequestContext, AuthenticatedContext, ExpressMiddleware, IncomingRequest, RBACMiddlewareConfig, TokenExtractionConfig } from "../../types/index.js"; /** * Auth middleware error codes */ export declare const AuthMiddlewareErrorCodes: { readonly MISSING_TOKEN: "AUTH_MIDDLEWARE-001"; readonly INVALID_TOKEN: "AUTH_MIDDLEWARE-002"; readonly UNAUTHORIZED: "AUTH_MIDDLEWARE-003"; readonly FORBIDDEN: "AUTH_MIDDLEWARE-004"; readonly PROVIDER_ERROR: "AUTH_MIDDLEWARE-005"; readonly CONFIGURATION_ERROR: "AUTH_MIDDLEWARE-006"; }; /** * Auth middleware error factory */ export declare const AuthMiddlewareError: { codes: { readonly MISSING_TOKEN: "AUTH_MIDDLEWARE-001"; readonly INVALID_TOKEN: "AUTH_MIDDLEWARE-002"; readonly UNAUTHORIZED: "AUTH_MIDDLEWARE-003"; readonly FORBIDDEN: "AUTH_MIDDLEWARE-004"; readonly PROVIDER_ERROR: "AUTH_MIDDLEWARE-005"; readonly CONFIGURATION_ERROR: "AUTH_MIDDLEWARE-006"; }; create: (code: "UNAUTHORIZED" | "FORBIDDEN" | "CONFIGURATION_ERROR" | "PROVIDER_ERROR" | "INVALID_TOKEN" | "MISSING_TOKEN", message: string, options?: { retryable?: boolean; details?: Record; cause?: Error; } | undefined) => import("../../core/infrastructure/baseError.js").NeuroLinkFeatureError; }; /** * Extract token from request context based on configuration */ export declare function extractToken(context: AuthRequestContext, config?: TokenExtractionConfig): Promise; /** * Create authentication middleware * * Validates tokens and attaches user context to requests. * * @example * ```typescript * const authMiddleware = await createAuthMiddleware({ * provider: 'auth0', * providerConfig: { * type: 'auth0', * domain: 'your-tenant.auth0.com', * clientId: 'your-client-id', * }, * publicRoutes: ['/health', '/public/*'], * }); * * // Use in request handler * const result = await authMiddleware(requestContext); * if (result.proceed) { * // Access authenticated context * console.log('User:', result.context?.user); * } else { * // Return error response * res.status(result.error.statusCode).json({ error: result.error.message }); * } * ``` */ export declare function createAuthMiddleware(config: AuthMiddlewareConfig): Promise>; /** * Create RBAC (Role-Based Access Control) middleware * * Checks if authenticated user has required roles/permissions. * * @example * ```typescript * const rbacMiddleware = createRBACMiddleware({ * roles: ['admin', 'moderator'], * permissions: ['read:users'], * }); * * // Use after auth middleware * const authResult = await authMiddleware(context); * if (authResult.proceed && authResult.context) { * const rbacResult = await rbacMiddleware(authResult.context); * if (!rbacResult.proceed) { * res.status(403).json({ error: rbacResult.error.message }); * } * } * ``` */ export declare function createRBACMiddleware(config: RBACMiddlewareConfig): AuthMiddlewareHandler; /** * Create combined auth + RBAC middleware * * Convenience function that combines authentication and authorization. * * @example * ```typescript * const protectedMiddleware = await createProtectedMiddleware({ * auth: { * provider: 'auth0', * providerConfig: { type: 'auth0', domain: '...', clientId: '...' }, * }, * rbac: { * roles: ['admin'], * }, * }); * * const result = await protectedMiddleware(context); * ``` */ export declare function createProtectedMiddleware(config: { auth: AuthMiddlewareConfig; rbac?: RBACMiddlewareConfig; }): Promise>; /** * Create request context from standard request object */ export declare function createRequestContext(req: IncomingRequest): AuthRequestContext; /** * Create Express-compatible middleware */ export declare function createExpressAuthMiddleware(config: AuthMiddlewareConfig): Promise;